package cn.itsource.ymcc.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

//资源服务配置
@Configuration
public class ResourceServerConfig extends BaseResourceServerConfig {

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        //资源ID
        resources.resourceId("courseId");
        super.configure(resources);
    }


    //2.资源服务的资源的授权配置，比如那些资源放行，那些资源需要什么权限等等
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.cors().disable().authorizeRequests()
                .antMatchers(
                        "/webjars/**",
                        "/swagger-ui.html/**",
                        "/swagger-resources/**",
                        "/v2/**",

                        "/course/detail/data/**",
                        "/courseType/crumbs/**",
                        "/courseType/treeData"
                        ,"/detail/video/**").permitAll()
                .anyRequest().authenticated()
                //把session设置为无状态，意思是使用了token，那么session不再做数据的记录
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        super.configure(http);
    }

}